Levi Villarreal Levi Villarreal - 1 year ago 59
HTML Question

PHP contact form sends message through senders address

Recently I've been having problems with my PHP contact form. It's worked great for about two years, and I haven't changed anything, so I don't really understand what the problem is. Here's the code:


// Check for header injections
function has_header_injection($str) {
return preg_match ( "/[\r\n]/", $str );

if(isset ($_POST['contact_submit'])) {

$name = trim($_POST['name']);
$email = trim($_POST['email']);
$tel = trim($_POST['tel']);
$msg = $_POST['message'];

// check to see if name or email have header injections
if (has_header_injection($name) || has_header_injection($email)){



if ( !$name || !$email || !$msg ) {

echo '<h4 class="error">All Fields Required</h4><a href="page.php" target="_blank" class="button link">Go back and try again</a>';


// add the recipient email to a variable
$to = "example@example.net";

// Create a subject
$subject = "$name sent you an email";

// construct your message
$message .= "Name: $name sent you an email\r\n";
$message .= "Telephone: $tel\r\n";
$message .= "Email: $email\r\n\r\n";
$message .= "Message:\r\n$msg";

$message = wordwrap(message, 72);

// set the mail header
$headers = "MIME=Version: 1.0\r\n";
$headers .= "Content-type: text/plain; charset=iso-8859-1\r\n";
$headers .= "\r\nFrom: " . $name . " \r\n\r\n" . $tel . " \r\n\r\n " . $msg . "\r\n\r\n <" . $email . "> \r\n\r\n";
$headers .= "X-Priority: 1\r\n";
$headers .= "X-MSMail-Priority: high\r\n\r\n";

// Send the Email
mail( $to, $subject, $message, $headers );



<!-- Show Success message -->
<h2>Thanks for contacting Us!</h2>
<p align="center">Please allow 24 hours for a response</p>
<p><a href="index.php" class="button block">&laquo; Go to Home Page</a></p>

<?php } else { ?>

<form method="post" action="" id="contact-form">

<label for="name">Your Name</label>
<input type="text" id="name" name="name">

<label for="tel">Your Phone Number</label>
<input type="tel" id="tel" name="tel">

<label for="email">Your Email</label>
<input type="email" id="email" name="email">

<label for="message">the date/time you wish to sign up for</label>
<textarea id="message" name="message"></textarea>

<input type="submit" class="button next" name="contact_submit" value="Sign Up">


<?php } ?>

However, when the contact form is submitted, instead of sending the information to the body of the email, it sends it in the "From" section of the email. For example, the email might say:

To: Web Developer

From: Bob Smith 888-888-8888 mondays, wednesdays fridays

Subject: Bob Smith sent you an email!


X-Priority: 1X-MSMail-Priority: high


I don't really know what's going on, so any help would be appreciated!

Answer Source

You are adding all that info in the "from" header.

$headers .= "\r\nFrom: " . $name . " \r\n\r\n" . $tel . " \r\n\r\n " . $msg . "\r\n\r\n <" . $email . "> \r\n\r\n";

Change your headers to this:

$headers = "MIME=Version: 1.0\r\n";
$headers .= "Content-type: text/plain; charset=iso-8859-1\r\n";
$headers .= "From: {$name} <{$email}>\r\n"; // Removed all extra variables
$headers .= "X-Priority: 1\r\n";
$headers .= "X-MSMail-Priority: high\r\n";

and it should work.

You are already sending the $message, containing all the above data in the body as well.

Why you haven't experienced this before is however a mystery.

NOTE: You only need to have one \r\n after each header.

You should also change this row:

$message = wordwrap(message, 72);


$message = wordwrap($message, 72); // Adding $ in front of the variable.
Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download